
Extending OpenLDAP in Mac OS X Server

Posted: October 1st, 2009 | Author: | Filed under: LDAP, Mac OS X Server | 1 Comment »

So you have an Open Directory server and you want to extend the LDAP schema? As you have probably already noticed, if you go about it the wrong way your schema changes will not replicate to your Open Directory replicas. The proper way to extend or add additional schemas is as follows:

First, you need the *.schema file that you want to install. Place it in /etc/openldap/schemas/ and reference it from /etc/openldap/slapd.conf with an include directive.

Second, you’ll need to shut down LDAP and launch it manually in the foreground so that it generates the corresponding ldif files under slapd.d.

  1. launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
  2. /usr/libexec/slapd -d 99 -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

Ensure the debug output on your screen indicates that the service started correctly, then Ctrl-C out of it.

Next, go into the slapd.d/cn=config/cn=schema folder and find the file named cn={X}schemaname.ldif, where {X} is the index slapd assigned to your schema. Edit it and strip off all the lines that start with:

  1. dn
  2. cn
  3. objectClass
  4. entryUUID
  5. creatorsName
  6. createTimestamp
  7. entryCSN
  8. modifiersName
  9. modifyTimestamp

Take the remainder of the file and append it to the customSchema.ldif file.

  1. cat cn\=\{8\}myschema.ldif >> cn\=\{9\}customSchema.ldif

Be careful with this step though: watch spacing, line breaks, and formatting. Here’s an example to see if yours looks right.

olcAttributeTypes: {0}( 1.3.6.1.4.1.30540.2.1.101
  NAME 'ec2HomeDirectory'
  DESC 'home directory path'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.30540.2.2.100 NAME 'AmazonAccount'
  DESC 'Honk if you like clouds'
  SUP top AUXILIARY MAY ( ec2HomeDirectory ) )

Each continuation line of a folded LDIF value must begin with a space; slapd removes exactly one leading space when it joins the lines, so where a break falls between two words the continuation line needs a second space, as above. Note also that a NAME must be a single token (letters, digits and hyphens, no spaces) or slapd will reject the definition.

Edit /etc/openldap/slapd.conf and remove the include for the schema file we added in the beginning, and erase the associated ldif file from the slapd.d/cn=config/cn=schema folder. Use the same launchctl command as above to start your service back up and it should all be good to go!

  1. launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
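As an added example (not code from the original post), the stripping step above done in Python: it removes the entry attributes the post lists, keeps each olc* definition together with its folded continuation lines, and then checks that every kept value has the {N}( ... ) shape shown in the post, which catches the spacing and line-break mistakes the post warns about. The sample LDIF is constructed here to look like slapd's output; the addition of structuralObjectClass to the drop list is mine, since slapd writes it into every slapd.d entry even though the post does not list it.

```python
import re

# Attributes the post says to strip from the generated cn={N}schema.ldif, plus
# structuralObjectClass, which slapd also writes into every slapd.d entry.
DROP_ATTRS = {"dn", "cn", "objectClass", "structuralObjectClass", "entryUUID", "creatorsName",
              "createTimestamp", "entryCSN", "modifiersName", "modifyTimestamp"}

def strip_entry_attrs(ldif_text):
    """Keep only the olc* lines; a dropped attribute takes its LDIF
    continuation lines (which start with a single space) with it."""
    kept, dropping = [], True
    for line in ldif_text.splitlines():
        if line.startswith(" "):             # folded continuation of the previous line
            if not dropping:
                kept.append(line)
        else:                                # attribute line, blank line or comment
            name = line.split(":", 1)[0]
            dropping = not line or line.startswith("#") or name in DROP_ATTRS
            if not dropping:
                kept.append(line)
    return "\n".join(kept) + "\n"

def check_schema_values(ldif_text):
    """Return problems found; empty means every logical line is an olc*
    attribute whose value has the '{N}( ... )' shape shown in the post."""
    logical = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # unfold: drop exactly one leading space
        elif line:
            logical.append(line)
    problems = []
    for entry in logical:
        name, _, value = entry.partition(":")
        if not name.startswith("olc"):
            problems.append("unexpected attribute: " + name)
        elif not re.fullmatch(r"\{\d+\}\( .* \)", value.strip()):
            problems.append("malformed value for " + name)
    return problems

# Constructed sample of what slapd writes for an included schema (not real output).
SAMPLE = """dn: cn={8}myschema
objectClass: olcSchemaConfig
cn: {8}myschema
olcAttributeTypes: {0}( 1.3.6.1.4.1.30540.2.1.101 NAME 'ec2HomeDirectory' DESC 'home dir
 ectory path' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL
 UE )
olcObjectClasses: {0}( 1.3.6.1.4.1.30540.2.2.100 NAME 'AmazonAccount' DESC 'Honk if yo
 u like clouds' SUP top AUXILIARY MAY ( ec2HomeDirectory ) )
structuralObjectClass: olcSchemaConfig
modifyTimestamp: 20091001000000Z
"""
```

Run strip_entry_attrs over the generated file, confirm check_schema_values returns an empty list, and only then append the result to customSchema.ldif.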


One Comment on “Extending OpenLDAP in Mac OS X Server”

  1. Benjamin Schweizer said at 10:22 am on January 14th, 2010:

    Thanks for posting this recipe; here are some additions:
    – this is called run-time configuration and is a new feature in OpenLDAP 2.3. It enables schema modifications on the fly
    and it was introduced in Mac OS X 10.5+ (see http://www.zytrax.com/books/ldap/ch6/slapd-config.html)
    – instead of patching files in the slapd.d directory, you can also re-create it from the static config in slapd.conf and the schemas/ directory. This can be done using “slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d”. Though, check twice if all active schemas are really there or you might lose previous run-time changes.

